CFPB Rulemaking

In its blog post announcing the Fall 2018 Rulemaking Agenda, the CFPB announced that it is “considering how rulemaking may be helpful to further clarify the meaning of ‘abusiveness’ under the section 1031 of the Dodd-Frank Act.” This statement follows press reports of Acting Director Mulvaney commenting about the possibility of a rulemaking to define the meaning of “abusiveness” under Dodd-Frank, to bring clarity to this aspect of the Bureau’s authority.

Professor Adam Levitin published a blog on Credit Slips in which he argued that such a rulemaking seems like a non-event, since the Bureau never really used the “abusive” prong of Dodd-Frank in any instance in which “unfair” and/or “deceptive” were not also used. Prof. Levitin notes that the rulemaking process would likely be difficult, and wouldn’t make any difference in the Bureau’s future use of its powers under Dodd-Frank.

Although I enjoy disagreeing with Prof. Levitin, in this instance, I think he has it right. Having watched the Bureau’s enforcement activity closely over the last seven years, I saw the “abusive” label used in a number of instances, but they all seemed like situations in which “unfair” or “deceptive” were equally applicable. Moreover, the real problem with CFPB enforcement was not the absence of a definition of the terms “unfair,” “deceptive” or “abusive,” but the fact that the Bureau didn’t seem bound by the definitions of any of the terms, and simply labeled practices to be UDAAP violations without worrying about applying the elements of a statutory test. The Bureau’s current leadership has signaled that it does not plan to continue this practice, but no rulemaking is required to prevent it – just leadership that respects the limits of its authority under the law.

Professor Levitin makes another observation, too, that I think is worth highlighting. He notes, correctly, that state attorneys general cannot make claims against national banks or federal savings associations to directly enforce the UDAAP provisions in Dodd-Frank. However, under § 1042(a)(2) of Dodd-Frank, a state attorney general can bring claims to enforce “a regulation prescribed by the Bureau” under the UDAAP provisions of the statute. Thus, an “abusive” rulemaking would create an argument that this state attorney general authority has been triggered.

Against this backdrop, I think the practical impact of an “abusive” rulemaking, even if it is completed, is likely to be very limited, and possibly counterproductive. The “abusive” prong of Dodd-Frank has always been a magnet for expressions of concern about the Bureau’s activities, but I think a rulemaking that attempts to define the term more specifically will be only marginally helpful, at best. It will be interesting to see if the rulemaking process moves forward, as suggested in today’s Rulemaking Agenda.

“The Bureau is considering future [rulemaking] activity with regard to specific areas of consumer financial law of significant public interest. For example, the Bureau announced in May 2018 that it is reexamining the requirements of the Equal Credit Opportunity Act (ECOA) concerning the disparate impact doctrine in light of recent Supreme Court case law and the Congressional disapproval of a prior Bureau bulletin concerning indirect auto lender compliance with ECOA and its implementing regulations.”

This is a very interesting development, because it suggests that the Bureau’s “reexamination” of disparate impact may not merely be a matter of informal interpretation or enforcement/supervision priorities, but may become enshrined in a rule (presumably an amendment to Regulation B). If this happens, its effects would likely be more permanent and widespread than a more informal statement of position relating to disparate impact. A rule, once finalized, would presumably:

remain in effect indefinitely, until altered by another notice-and-comment rulemaking;

be binding on other federal agencies (like the Department of Justice) and on courts, as an authoritative interpretation of ECOA;

survive any leadership change at the Bureau, again subject to the rulemaking process being restarted; and

prevent the Bureau from applying any different standard for disparate impact retroactively upon a change in leadership at the agency.

So, a disparate impact rulemaking could be very significant over the long term. But what direction might such a rulemaking take?

One possibility would be to remove the “effects test” language from Regulation B (§ 1002.6(a)) and state affirmatively that there is no disparate impact theory of liability under ECOA. There is certainly support in the statutory language, and the reasoning of Inclusive Communities, for that result. Indeed, this conclusion was the one highlighted in the House Financial Services Committee’s Unsafe at Any Bureaucracy report, including a chart that shows the distinctions between ECOA and other federal statutes illustrating that there is no language in ECOA to support a disparate impact theory of liability.

Another idea might be to follow the path of the HUD disparate impact rulemaking under the Fair Housing Act, to carefully define the elements of a disparate impact claim in a way that limits application of the theory to more well-settled situations and which gives appropriate deference to reasonable business justifications. We blogged about the HUD rulemaking most recently here.

A third potential would be to flesh out the “robust causality” requirement discussed in Inclusive Communities to require significant proof beyond statistical analysis for any disparate impact claim, which again could serve to curb what the Supreme Court labeled “abusive” claims of disparate impact.

We don’t know what the Bureau may do in this regard, or whether the foreshadowing of an ECOA rulemaking will actually be carried through to completion, but if it is, it could be a very significant, long-term development for fair lending law.

The CFPB’s Fall 2018 rulemaking agenda has been published by the Office of Information and Regulatory Affairs (OIRA) as part of its Fall 2018 Unified Agenda of Federal Regulatory and Deregulatory Actions. (OIRA is part of the Office of Management and Budget.) It represents the CFPB’s second rulemaking agenda under the Trump Administration and Acting Director Mick Mulvaney’s leadership. The agenda’s preamble indicates that the information in the agenda is current as of August 30, 2018 and identifies the regulatory matters that the Bureau “reasonably anticipates having under consideration during the period from October 1, 2018, to September 30, 2019.”

As signaled by Mr. Mulvaney in comments made earlier this week, the preamble indicates that the Bureau is considering “whether rulemaking or other activities may be helpful to further clarify the meaning of ‘abusiveness’ under section 1031 of the Dodd-Frank Act.” Such rulemaking is included on the CFPB’s list of “long-term actions” that is part of the unified agenda.

The preamble further states that the future activity being considered by the Bureau includes “reexamining the requirements of the Equal Credit Opportunity Act (ECOA) in light of recent Supreme Court case law and the Congressional disapproval of a prior Bureau bulletin concerning indirect auto lender compliance with ECOA and its implementing regulations.” The preamble references the CFPB’s May 2018 statement that was issued following such Congressional disapproval in which the CFPB announced that it was reexamining the ECOA requirements. However, unlike the “abusiveness” rulemaking, the ECOA rulemaking is not included on the CFPB’s list of long-term actions or otherwise listed in its rulemaking agenda.

With regard to the CFPB’s rulemaking to reconsider its final payday/auto title/high-rate installment loan rule (Payday Rule), the Fall 2018 agenda estimates the issuance of a notice of proposed rulemaking (NPRM) in January 2019. (The Spring 2018 rulemaking agenda had estimated issuance of a NPRM in February 2019.) The Payday Rule’s compliance date is August 19, 2019. In the preamble, the CFPB states that it expects to issue a NRPM “by no later than early 2019 that will address reconsideration of the rule on the merits as well as address changes to its compliance date.”

In addition to reconsidering the Payday Rule, the other key rulemaking initiatives listed on the Fall 2018 agenda are:

Debt Collection. The agenda states that the Bureau “expects to issue [a NPRM] addressing such issues as communication practices and consumer disclosures by spring 2019.” It estimates the issuance of a NPRM in March 2019.

Business Lending Data. Dodd-Frank Section 1071 amended the ECOA to require financial institutions to collect and maintain certain data in connection with credit applications made by women- or minority-owned businesses and small businesses. Such data includes the race, sex, and ethnicity of the principal owners of the business. In May 2017, the CFPB issued a RFI and a white paper on small business lending in conjunction with a field hearing on small business lending. In the Spring 2018 agenda, the Section 1071 rulemaking was included in the list of current rulemakings, with an estimated March 2019 date for prerule activities. The Fall 2018 agenda reclassifies the Section 1071 rulemaking as a long-term action item. In the preamble, the CFPB attributes the rulemaking’s new status to the Bureau’s “need to focus additional resources on various HMDA initiatives.”

HMDA/Regulation C. The CFPB states that it expects to issue final guidance in late 2018 to govern the disclosure of loan-level HMDA data in 2019. However, to address HMDA data disclosure in future years, the CFPB states that it has decided to add a new notice-and-comment rulemaking to its agenda and estimates a May 2019 date for issuance of a NRPM. The agenda estimates a March 2019 date for the CFPB’s issuance of a NRPM “to address some or all” of the issues related to various HMDA projects under consideration, such as revisiting the Bureau’s 2015 HMDA rule and its August 2018 interpretive rule regarding amendments made to HMDA by the Economic Growth, Regulatory Relief, and Consumer Protection Act.

Inherited Regulations. These are the existing regulations that the CFPB inherited from other agencies through the transfer of authorities under the Dodd-Frank Act. The CFPB indicates that it expects to focus its initial review on the subparts of Regulation Z that implement TILA with respect to open-end credit and credit cards in particular. By way of example, the CFPB states that it expects to consider adjusting rules concerning the database of credit card agreements it is required to maintain by the CARD Act “to reduce burden on issuers that submit credit card agreements to the Bureau and make the database more useful for consumers and the general public.” The CFPB states it may launch additional projects after reviewing the responses it received to its RFIs on the inherited regulations and rules issued by the CFPB.

Consumer reporting. The Fall 2018 agenda indicates that the Bureau will evaluate potential additional rules or amendments to existing regulations governing consumer reporting, with possible topics for consideration to include the accuracy of credit reports, including the processes for resolving consumer disputes, identity theft, or other issues.

Consumer Access to Financial Records. In November 2016, the CFPB issued a RFI about market practices related to consumer access to financial information. The Fall 2018 agenda states that the Bureau will continue to monitor market developments and evaluate possible policy responses to issues identified, including potential rulemaking. Possible topics the Bureau might consider include specific acts or practices and consumer disclosures. In addition, the Bureau plans to consider “whether clarifications or adjustments are necessary with respect to existing regulatory structures that may be implicated by current and potential developments in this area.”

Regulation E Modernization. The Fall 2018 agenda states that the Bureau “will evaluate possible updates to the regulation, including but not limited to how providers of new and innovative products and services comply with regulatory requirements” and that “potential topics for consideration might include disclosure provisions, error resolution provisions, or other issues.”

Three items no longer mentioned in the CFPB’S agenda are overdrafts, “larger participant” rules, and student loan servicing. The CFPB designated these items as “inactive” when it issued its Spring 2018 agenda.

In this week’s podcast, Ballard Spahr partners Alan Kaplinsky and Chris Willis examine how the CFPB has changed under the leadership of Acting Director Mick Mulvaney and their expectations for future developments.

Alan and Chris discuss the practical impact of Mr. Mulvaney’s leadership on the CFPB’s day-to-day operations in the areas of supervision and enforcement, particularly with regard to how the CFPB’s public statements line up with its actual practices. With regard to supervision and examinations, they highlight the Bureau’s current approach to UDAAP violations and military lending.

In the area of enforcement, Alan and Chris discuss the volume and nature of the Bureau’s current enforcement activity. They also report on the status of the Bureau’s rulemaking initiatives and share their expectations for rulemaking under new leadership, including with regard to the Bureau’s payday lending rule and a debt collection rule. They conclude the podcast by sharing their observations on the current compliance environment and its impact on decision-making by consumer financial services providers.

On September 12, the Bureau of Consumer Financial Protection (Bureau) issued a final rule that amends the procedures used by the public to obtain information from the Bureau under the Freedom of Information Act (FOIA), the Privacy Act of 1974, and in legal proceedings.

A number of the rule’s amendments simply align policy with practice. For example, the rule codifies the Bureau’s practice of using the same identity verification procedures for both Privacy Act requests and first-party FOIA requests. The rule also requires the Bureau to acknowledge and provide requesters with tracking numbers for FOIA requests that have not been perfected – something the Bureau does already.

Other amendments were required by the FOIA Improvement Act of 2016 – the rule establishes a minimum of 90 days for requesters to file an administrative appeal, requires the Bureau to provide dispute resolution services at various times throughout the FOIA process, and it also details the miscellaneous circumstances where the Bureau may not assess fees.

There are also some rule amendments that were apparently proposed by the National Archives and Records Administration’s Office of Government Information Services (OGIS). Adopting OGIS suggestions, the rule narrows the delegation authority of the Bureau’s Chief FOIA Officer, clarifies the form and content requirements for a FOIA request and a request for expedited processing, and allows requests for expedited processing to be made at any time. Previously, requesters were only able to seek expedited process with their initial request.

Finally, the rule makes minor revisions to what are known as the Touhy Regulations, which set forth procedures to be followed with respect to subpoenas, court orders, or other requests or demands for any Bureau information, whether contained in the files of the Bureau or acquired by a Bureau employee as part of the performance of that employee’s duties or by virtue of employee’s official status. The rule also describes the Bureau’s procedures for considering such requests or demands for official information.

Notably, the rule does not revise the provisions regarding the protection of confidential information or the procedures for sharing confidential information with other government agencies. These provisions have been of significant concern to industry since they were finalized in February 2013 because they allow the Bureau to make discretionary disclosures of confidential information to state AGs. It is thus no wonder that the state AGs wrote a comment letter in support of this final rule.

On September 12, 2018, the Bureau of Consumer Financial Protection (the “Bureau”) issued an interim rule to update two model disclosures following the recent enactment of the Economic Growth, Regulatory Relief, and Consumer Protection Act (the “Act”).

Pursuant to the Act, nationwide consumer reporting agencies must provide free national security freezes, which prevent potential lenders from accessing a consumer’s report and, in turn, limit an identity thief’s ability to open accounts in the consumer’s name. The Act also requires that a notice regarding the right to a security freeze be provided to any consumer that receives either the Summary of Consumer Rights or the Summary of Consumer Identity Theft Rights pursuant to the Fair Credit Reporting Act. The Act’s new requirements take effect on September 21, 2018.

In an effort to help businesses comply with the Act’s requirements, the Bureau’s interim rule updates its model forms to incorporate a security freeze notice and reflect the new minimum duration for initial fraud alerts, which the Act extended from 90 days to one year. Additionally, the interim rule permits compliance alternatives to assist users of the Bureau’s 2012 model forms. Specifically, under the interim rule, the Bureau will consider the use of the model forms published on November 14, 2012 in Appendices I and K (or a “substantially similar” form) to comply with the FCRA’s form requirements so long as a separate page containing the following additional information also is provided in the same transmittal: (i) a statement that the minimum duration of initial fraud alerts changed from 90 days to one year effective September 21, 2018, (ii) a notice that consumers have a right to a security freeze, as explained in the new version of Appendix K; and (iii) updated contact information for certain FCRA enforcement agencies. While this compliance alternative can be used after the interim rule goes into effect later this month, the Bureau has advised that users should discontinue use of the older model forms published on December 21, 2011 no later than September 21, 2018.

The CFPB recently released an interpretive and procedural rule to implement and clarify the partial exemption from the Home Mortgage Disclosure Act (HMDA) adopted in the Economic Growth, Regulatory Relief, and Consumer Protection Act (also known as S.2155).

As we reported previously, the Act amended HMDA to create an exemption applicable to the new data categories added by Dodd-Frank and the HMDA rule adopted by the CFPB for insured depository institutions and insured credit unions that originate mortgage loans below certain thresholds. Additionally, depository institutions must meet certain Community Reinvestment Act rating criteria.

For closed-end mortgage loans, the partial exemption will apply if the institution or credit union originated fewer than 500 such loans in each of the preceding two calendar years. For home equity lines of credit (HELOCs), the partial exemption will apply if the institution or credit union originated fewer than 500 HELOCs in each of the preceding two calendar years. The HELOC change will not initially affect reporting because, for 2018 and 2019, the threshold to report HELOCs is 500 transactions in each of the preceding two calendar years under a temporary CFPB rule.

Even if a depository institution originates loans or HELOCS below the applicable threshold, the Act’s partial exemption from reporting the new HMDA data categories does not apply if the institution received a rating of “needs to improve record of meeting community credit needs” during each of its two most recent CRA examinations, or “substantial noncompliance in meeting community credit needs” on its most recent CRA examination.

In July 2018 the CFPB advised that the partial exemption will not affect the format of 2018 Loan Application Registers (LARs) and that:

LARs will be formatted according to the previously-released 2018 Filing Instructions Guide for HMDA Data Collected in 2018 (2018 FIG).

If an institution does not report information for a certain data field due to the partial exemption, the institution will enter an exemption code for the field specified in a revised 2018 FIG that the CFPB expects to release later this summer.

All LARs will be submitted to the same HMDA Platform.

The CFPB also advised that it expected later in the summer to provide further guidance on the applicability of the partial exemption to HMDA data collected in 2018. The interpretive and procedural rule contains the further guidance. As previously indicated, the CFPB also issued a revised FIG for 2018 data to account for the partial exemption.

The interpretive and procedural rule:

Clarifies the HMDA data points that are covered by the partial exemption. A table in the rule reflects that 26 data points are covered by the partial exemption, and that 22 data points still must be reported by institutions or credit unions that qualify for the partial exemption.

Provides that institutions and credit unions that qualify for the partial exemption may elect to report the exempted data, provided that they report all data fields within any exempt data point for which they report data. For example, if an institution or credit union elects to report a data field that is part of the property address, it must report all other data fields that are part of the property address data point.

Clarifies that only closed-end loans and open-end lines of credit that are otherwise reportable under HMDA count toward the 500 loan and 500 line of credit thresholds.

Provides that if an institution or credit union elects not to report a universal loan identifier for an application or loan, it must report a non-universal loan identifier that meets specified requirements and must be unique within the institution or credit union.

Clarifies the exception to the partial exemption for negative CRA history must be assessed as of December 31 of the preceding calendar year.

The interpretative and procedural rule will become effective upon publication in the Federal Register. The CFPB advises that it expects to initiate a notice-and-comment rulemaking to incorporate the interpretations and procedures contained in the rule into Regulation C and to further implement the Act.

The CFPB has published a final rule regarding various annual adjustments it is required to make under provisions of Regulation Z (TILA) that implement the CARD Act, HOEPA, and the ability to repay/qualified mortgage provisions of Dodd-Frank. The adjustments reflect changes in the Consumer Price Index in effect on June 1, 2018 and will take effect January 1, 2019.

CARD Act. The CARD Act requires the CFPB to calculate annual adjustments of (1) the minimum interest charge threshold that triggers disclosure of the minimum interest charge in credit card applications, solicitations and account opening disclosures, and (2) the fee thresholds for the penalty fees safe harbor. The calculation did not result in a change for 2019 to the current minimum interest charge threshold (which requires disclosure of any minimum interest charge above $1.00). However, it did result in a change for 2019 to the first and subsequent violation safe harbor penalty fees. Such fees were increased to $28 (currently $270 and $39 (currently $38), respectively.

HOEPA. HOEPA requires the CFPB to annually adjust the total loan amount and fee thresholds that determine whether a transaction is a high cost mortgage. In the final rule, for 2019, the CFPB increased the current total loan amount threshold from $21,032 to $21,549, and the current points and fees threshold from $1,029 to $1,052. As a result, in 2019, a transaction will be a high-cost mortgage (1) if the total loan amount is $21,549 or more and the points and fees exceed 5 percent of the total loan amount, or (2) if the total loan amount is less than $21,549 and the points and fees exceed the lesser of $1,077 or 8 percent of the total loan amount.

Ability to repay/QM rule. Pursuant to its ability to repay/QM rule, the CFPB must annually adjust the points and fees limits that a loan cannot exceed to satisfy the requirements for a QM. The CFPB must also annually adjust the related loan amount limits. In the final rule, the CFPB increased these limits for 2019 to the following:

For a loan amount greater than or equal to $107,747 (currently $105,158), points and fees may not exceed 3 percent of the total loan amount

For a loan amount greater than or equal to $64,648 (currently $63,095) but less than $107,747, points and fees may not exceed $3,232

For a loan amount greater than or equal to $21,549 (currently $21,032) but less than $64,648, points and fees may not exceed 5 percent of the total loan amount

For a loan amount greater than or equal to $13,468 (currently $13,145) but less than $21,549, points and fees may not exceed $1,077

For a loan amount less than $13,468 (currently $13,145), points and fees may not exceed 8 percent of the total loan amount

The CFPB has issued a final rule amending the provisions of Regulation P that implement the Gramm-Leach-Bliley Act (GLBA) annual privacy notice requirement. The final rule is intended to reflect the GLBA amendments made by the Fixing America’s Surface Transportation Act that exempted financial institutions meeting certain conditions from the annual notice requirement. The statutory exemption from the annual notice requirement became effective in December 2015. The amendments to Regulation P made by the final rule will be effective 30 days from the final rule’s publication in the Federal Register.

The final rule provides that a financial institution is not required to deliver a GLBA annual privacy notice if the financial institution (1) only shares nonpublic personal information (NPPI) with nonaffiliated third parties only under one of the GLBA exceptions that do not trigger a customer’s opt-out rights (§ 1016.13, § 1016.14, or § 1016.15); and (2) has not changed its policies and practices with regard to disclosing NPPI from the policies and practices that were disclosed in the most recent privacy notice provided to the customer. Financial institutions that choose to take advantage of the annual notice exemption must still provide any opt-out disclosures required under the Fair Credit Reporting Act (FCRA), which can generally be provided in the initial privacy notice. In the Supplementary Information accompanying the final rule, the CFPB states that it does not interpret the second condition for using the annual notice exemption to include changes to a financial institution’s FCRA disclosures or changes to voluntary disclosures and opt-outs that are provided in the institution’s privacy notice.

The final rule includes timing requirements for providing annual privacy notices by a financial institution that no longer meets the conditions for the exemption. The timing requirements vary depending on whether the change that causes the institution to no longer satisfy the conditions for the exemption also triggers a requirement under Regulation P to provide a revised privacy notice. Under Regulation P, a financial institution must provide revised notices before it begins to share NPPI with a nonaffiliated third party if such sharing would be different from what the institution described in the initial privacy notice it delivered.

The final rule also removes the alternative delivery method for GLBA annual privacy notices that Regulation P (pursuant to a 2014 amendment) allowed financial institutions to use if they met certain conditions. Since any financial institution that met the conditions for using the alternative delivery method would meet the conditions for the statutory exemption, the CFPB believes an institution with both options available to it would choose not to provide an annual privacy notice at all rather than provide it using the alternative delivery method. However, the CFPB indicates in the Supplementary Information that financial institutions that qualify for the annual notice exemption can still, without affecting their eligibility for the exemption, choose to post privacy notices on their websites, provide privacy notices to consumers who request them, and notify consumers of the notices’ availability.

As we reported previously, the Act exempts depository institutions and credit unions from the new reporting categories added by Dodd-Frank and the HMDA rule adopted by the CFPB with regard to (1) closed-end loans, if the institution or credit union originated fewer than 500 such loans in each of the preceding two calendar years, and (2) home equity lines of credit (HELOCs), if the institution or credit union originated fewer than 500 HELOCs in each of the preceding two calendar years. The HELOC change will not initially affect reporting because, for 2018 and 2019, the threshold to report HELOCs is 500 transactions in each of the preceding two calendar years under a temporary CFPB rule.

The Act’s partial exemption from reporting the new HMDA data does not apply if the institution received a rating of “needs to improve record of meeting community credit needs” during each of its two most recent Community Reinvestment Act (CRA) examinations, or “substantial noncompliance in meeting community credit needs” on its most recent CRA examination.

The CFPB advises in its recent statement that it expects later this summer to provide further guidance on the applicability of the partial exemption to HMDA data collected in 2018. The CFPB also advises that the partial exemption will not affect the format of 2018 Loan Application Registers (LARs) and that:

LARs will be formatted according to the previously-released 2018 Filing Instructions Guide for HMDA Data Collected in 2018 (2018 FIG).

If an institution does not report information for a certain data field due to the partial exemption, the institution will enter an exemption code for the field specified in a revised 2018 FIG that the CFPB expects to release later this summer.

All LARs will be submitted to the same HMDA Platform.

The CFPB also notes that a beta version of the HMDA Platform for submission of data collected in 2018 will be available later this year for filers to test.

In Financial Institution Letter FIL-36-2018 and in OCC Bulletin 2018-19 the Federal Deposit Insurance Corporation and Office of the Comptroller of the Currency, respectively, issued similar guidance to institutions.

Practice Leaders

ABOUT THE CFS GROUP

The Consumer Financial Services Group is nationally recognized for its guidance in structuring and documenting new consumer financial services products, its experience with the full range of federal and state consumer credit laws throughout the country, and its skill in litigation defense and avoidance, including pioneering work in pre-dispute arbitration programs.
Read More